This report is auto-generated from the latest RBAC Atlas scan (2026-05-04). It analyzes the RBAC permissions of 257 Kubernetes open-source projects across 25972 manifest versions to provide a snapshot of the current cloud-native threat landscape.
At a Glance
| Metric | Value |
|---|
| Projects analyzed | 257 |
| Total manifest versions | 25972 |
| Avg service accounts per project | 2.11 |
| Avg permission bindings per project | 30.62 |
| Avg workloads per project | 3.51 |
| Avg critical risks per project | 3.53 |
| Avg high risks per project | 3.5 |
| Avg medium risks per project | 2.24 |
| Avg low risks per project | 21.36 |
| Projects with critical risks | 171 |
| Projects with no RBAC permissions | 54 |
Risk Distribution
| Risk Level | Count | Percentage |
|---|
| Critical | 906 | 11.51% |
| High | 899 | 11.42% |
| Medium | 575 | 7.31% |
| Low | 5489 | 69.75% |
| Total | 7869 | |
Top 10 RBAC Risk Tags
Top 10 Triggered Risk Rules
| Rule | Occurrences |
|---|
| Base Risk Level - Low | 6931 |
| Base Risk Level - High | 758 |
| Read ConfigMaps in a namespace | 257 |
| Read secrets in a namespace | 237 |
| Read secrets cluster-wide | 189 |
| Base Risk Level - Medium | 177 |
| Read ConfigMaps cluster-wide | 163 |
| Modify ConfigMaps in a namespace | 158 |
| List Namespaces (Cluster Reconnaissance) | 146 |
| Read RBAC configuration cluster-wide | 142 |
Top 10 Riskiest Projects
Ranked by weighted risk score (critical×10 + high×5 + medium×2 + low×1), using only the latest version of each project.
Top 10 Projects by Permission Count
